| < draft-ietf-httpbis-proxy-status-03.txt | draft-ietf-httpbis-proxy-status-04.txt > | |||
|---|---|---|---|---|
| HTTP M. Nottingham | HTTP M. Nottingham | |||
| Internet-Draft Fastly | Internet-Draft Fastly | |||
| Intended status: Standards Track P. Sikora | Intended status: Standards Track P. Sikora | |||
| Expires: 13 August 2021 Google | Expires: 13 August 2021 Google | |||
| 9 February 2021 | 9 February 2021 | |||
| The Proxy-Status HTTP Response Header Field | The Proxy-Status HTTP Response Header Field | |||
| draft-ietf-httpbis-proxy-status-03 | draft-ietf-httpbis-proxy-status-04 | |||
| Abstract | Abstract | |||
| This document defines the Proxy-Status HTTP field to convey the | This document defines the Proxy-Status HTTP field to convey the | |||
| details of intermediary response handling, including generated | details of intermediary response handling, including generated | |||
| errors. | errors. | |||
| Note to Readers | Note to Readers | |||
| _RFC EDITOR: please remove this section before publication_ | _RFC EDITOR: please remove this section before publication_ | |||
| skipping to change at page 2, line 28 ¶ | skipping to change at page 2, line 28 ¶ | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 1.1. Notational Conventions . . . . . . . . . . . . . . . . . 4 | 1.1. Notational Conventions . . . . . . . . . . . . . . . . . 4 | |||
| 2. The Proxy-Status HTTP Field . . . . . . . . . . . . . . . . . 4 | 2. The Proxy-Status HTTP Field . . . . . . . . . . . . . . . . . 4 | |||
| 2.1. Proxy-Status Parameters . . . . . . . . . . . . . . . . . 5 | 2.1. Proxy-Status Parameters . . . . . . . . . . . . . . . . . 5 | |||
| 2.1.1. error . . . . . . . . . . . . . . . . . . . . . . . . 5 | 2.1.1. error . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 2.1.2. next-hop . . . . . . . . . . . . . . . . . . . . . . 6 | 2.1.2. next-hop . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 2.1.3. next-protocol . . . . . . . . . . . . . . . . . . . . 7 | 2.1.3. next-protocol . . . . . . . . . . . . . . . . . . . . 7 | |||
| 2.2. received-status . . . . . . . . . . . . . . . . . . . . . 7 | 2.1.4. received-status . . . . . . . . . . . . . . . . . . . 7 | |||
| 2.2.1. details . . . . . . . . . . . . . . . . . . . . . . . 7 | 2.1.5. details . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 2.3. Defining New Proxy-Status Parameters . . . . . . . . . . 7 | 2.2. Defining New Proxy-Status Parameters . . . . . . . . . . 7 | |||
| 2.4. Proxy Error Types . . . . . . . . . . . . . . . . . . . . 8 | 2.3. Proxy Error Types . . . . . . . . . . . . . . . . . . . . 8 | |||
| 2.4.1. DNS Timeout . . . . . . . . . . . . . . . . . . . . . 8 | 2.3.1. DNS Timeout . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 2.4.2. DNS Error . . . . . . . . . . . . . . . . . . . . . . 8 | 2.3.2. DNS Error . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 2.4.3. Destination Not Found . . . . . . . . . . . . . . . . 9 | 2.3.3. Destination Not Found . . . . . . . . . . . . . . . . 9 | |||
| 2.4.4. Destination Unavailable . . . . . . . . . . . . . . . 9 | 2.3.4. Destination Unavailable . . . . . . . . . . . . . . . 9 | |||
| 2.4.5. Destination IP Prohibited . . . . . . . . . . . . . . 9 | 2.3.5. Destination IP Prohibited . . . . . . . . . . . . . . 9 | |||
| 2.4.6. Destination IP Unroutable . . . . . . . . . . . . . . 10 | 2.3.6. Destination IP Unroutable . . . . . . . . . . . . . . 10 | |||
| 2.4.7. Connection Refused . . . . . . . . . . . . . . . . . 10 | 2.3.7. Connection Refused . . . . . . . . . . . . . . . . . 10 | |||
| 2.4.8. Connection Terminated . . . . . . . . . . . . . . . . 10 | 2.3.8. Connection Terminated . . . . . . . . . . . . . . . . 10 | |||
| 2.4.9. Connection Timeout . . . . . . . . . . . . . . . . . 10 | 2.3.9. Connection Timeout . . . . . . . . . . . . . . . . . 10 | |||
| 2.4.10. Connection Read Timeout . . . . . . . . . . . . . . . 11 | 2.3.10. Connection Read Timeout . . . . . . . . . . . . . . . 11 | |||
| 2.4.11. Connection Write Timeout . . . . . . . . . . . . . . 11 | 2.3.11. Connection Write Timeout . . . . . . . . . . . . . . 11 | |||
| 2.4.12. Connection Limit Reached . . . . . . . . . . . . . . 11 | 2.3.12. Connection Limit Reached . . . . . . . . . . . . . . 11 | |||
| 2.4.13. TLS Protocol Error . . . . . . . . . . . . . . . . . 11 | 2.3.13. TLS Protocol Error . . . . . . . . . . . . . . . . . 11 | |||
| 2.4.14. TLS Certificate Error . . . . . . . . . . . . . . . . 12 | 2.3.14. TLS Certificate Error . . . . . . . . . . . . . . . . 12 | |||
| 2.4.15. TLS Alert Received . . . . . . . . . . . . . . . . . 12 | 2.3.15. TLS Alert Received . . . . . . . . . . . . . . . . . 12 | |||
| 2.4.16. HTTP Request Error . . . . . . . . . . . . . . . . . 13 | 2.3.16. HTTP Request Error . . . . . . . . . . . . . . . . . 13 | |||
| 2.4.17. HTTP Request Denied . . . . . . . . . . . . . . . . . 13 | 2.3.17. HTTP Request Denied . . . . . . . . . . . . . . . . . 13 | |||
| 2.4.18. HTTP Incomplete Response . . . . . . . . . . . . . . 13 | 2.3.18. HTTP Incomplete Response . . . . . . . . . . . . . . 13 | |||
| 2.4.19. HTTP Response Header Section Too Large . . . . . . . 14 | 2.3.19. HTTP Response Header Section Too Large . . . . . . . 14 | |||
| 2.4.20. HTTP Response Header Too Large . . . . . . . . . . . 14 | 2.3.20. HTTP Response Header Too Large . . . . . . . . . . . 14 | |||
| 2.4.21. HTTP Response Body Too Large . . . . . . . . . . . . 14 | 2.3.21. HTTP Response Body Too Large . . . . . . . . . . . . 14 | |||
| 2.4.22. HTTP Response Trailer Section Too Large . . . . . . . 15 | 2.3.22. HTTP Response Trailer Section Too Large . . . . . . . 15 | |||
| 2.4.23. HTTP Response Trailer Too Large . . . . . . . . . . . 15 | 2.3.23. HTTP Response Trailer Too Large . . . . . . . . . . . 15 | |||
| 2.4.24. HTTP Response Transfer-Coding Error . . . . . . . . . 16 | 2.3.24. HTTP Response Transfer-Coding Error . . . . . . . . . 16 | |||
| 2.4.25. HTTP Response Content-Coding Error . . . . . . . . . 16 | 2.3.25. HTTP Response Content-Coding Error . . . . . . . . . 16 | |||
| 2.4.26. HTTP Response Timeout . . . . . . . . . . . . . . . . 16 | 2.3.26. HTTP Response Timeout . . . . . . . . . . . . . . . . 16 | |||
| 2.4.27. HTTP Upgrade Failed . . . . . . . . . . . . . . . . . 17 | 2.3.27. HTTP Upgrade Failed . . . . . . . . . . . . . . . . . 17 | |||
| 2.4.28. HTTP Protocol Error . . . . . . . . . . . . . . . . . 17 | 2.3.28. HTTP Protocol Error . . . . . . . . . . . . . . . . . 17 | |||
| 2.4.29. Proxy Internal Response . . . . . . . . . . . . . . . 17 | 2.3.29. Proxy Internal Response . . . . . . . . . . . . . . . 17 | |||
| 2.4.30. Proxy Internal Error . . . . . . . . . . . . . . . . 17 | 2.3.30. Proxy Internal Error . . . . . . . . . . . . . . . . 17 | |||
| 2.4.31. Proxy Configuration Error . . . . . . . . . . . . . . 18 | 2.3.31. Proxy Configuration Error . . . . . . . . . . . . . . 18 | |||
| 2.4.32. Proxy Loop Detected . . . . . . . . . . . . . . . . . 18 | 2.3.32. Proxy Loop Detected . . . . . . . . . . . . . . . . . 18 | |||
| 2.5. Defining New Proxy Error Types . . . . . . . . . . . . . 18 | 2.4. Defining New Proxy Error Types . . . . . . . . . . . . . 18 | |||
| 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 | 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . . 19 | 4. Security Considerations . . . . . . . . . . . . . . . . . . . 19 | |||
| 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 20 | 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 20 | |||
| 5.1. Normative References . . . . . . . . . . . . . . . . . . 20 | 5.1. Normative References . . . . . . . . . . . . . . . . . . 20 | |||
| 5.2. Informative References . . . . . . . . . . . . . . . . . 20 | 5.2. Informative References . . . . . . . . . . . . . . . . . 20 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21 | |||
| 1. Introduction | 1. Introduction | |||
| HTTP intermediaries -- including both forward proxies and gateways | HTTP intermediaries -- including both forward proxies and gateways | |||
| skipping to change at page 3, line 47 ¶ | skipping to change at page 3, line 47 ¶ | |||
| example, 502 Bad Gateway and 504 Gateway Timeout. However, | example, 502 Bad Gateway and 504 Gateway Timeout. However, | |||
| experience has shown that more information is necessary to aid | experience has shown that more information is necessary to aid | |||
| debugging and communicate what's happened to the client. | debugging and communicate what's happened to the client. | |||
| Additionally, intermediaries sometimes want to convey additional | Additionally, intermediaries sometimes want to convey additional | |||
| information about their handling of a response, even if they did not | information about their handling of a response, even if they did not | |||
| generate it. | generate it. | |||
| To enable these uses, Section 2 defines a new HTTP response field to | To enable these uses, Section 2 defines a new HTTP response field to | |||
| allow intermediaries to convey details of their handling of a | allow intermediaries to convey details of their handling of a | |||
| response, Section 2.1 enumerates the kind of information that can be | response, Section 2.1 enumerates the kind of information that can be | |||
| conveyed, and Section 2.4 defines a set of error types for use when a | conveyed, and Section 2.3 defines a set of error types for use when a | |||
| proxy encounters an issue when obtaining a response for the request. | proxy encounters an issue when obtaining a response for the request. | |||
| 1.1. Notational Conventions | 1.1. Notational Conventions | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in BCP | "OPTIONAL" in this document are to be interpreted as described in BCP | |||
| 14 [RFC2119] [RFC8174] when, and only when, they appear in all | 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
| capitals, as shown here. | capitals, as shown here. | |||
| skipping to change at page 6, line 5 ¶ | skipping to change at page 6, line 5 ¶ | |||
| The "error" parameter's value is an sf-token that is a Proxy Error | The "error" parameter's value is an sf-token that is a Proxy Error | |||
| Type. When present, it indicates that the proxy encountered an issue | Type. When present, it indicates that the proxy encountered an issue | |||
| when obtaining a response. | when obtaining a response. | |||
| Unless a Proxy Error Type specifies otherwise, the presences of error | Unless a Proxy Error Type specifies otherwise, the presences of error | |||
| often, but not always, indicates that response was generated by the | often, but not always, indicates that response was generated by the | |||
| proxy, not the origin server or any other upstream server. For | proxy, not the origin server or any other upstream server. For | |||
| example, a proxy might attempt to correct an error, or part of a | example, a proxy might attempt to correct an error, or part of a | |||
| response might be forwarded before the error is encountered. | response might be forwarded before the error is encountered. | |||
| Section 2.4 lists the Proxy Error Types defined in this document; new | Section 2.3 lists the Proxy Error Types defined in this document; new | |||
| ones can be defined using the procedure outlined in Section 2.5. | ones can be defined using the procedure outlined in Section 2.4. | |||
| For example: | For example: | |||
| HTTP/1.1 504 Gateway Timeout | HTTP/1.1 504 Gateway Timeout | |||
| Proxy-Status: SomeCDN; error=connection_timeout | Proxy-Status: SomeCDN; error=connection_timeout | |||
| indicates that this 504 response was generated by SomeCDN, due to a | indicates that this 504 response was generated by SomeCDN, due to a | |||
| connection timeout when going forward. | connection timeout when going forward. | |||
| Or: | Or: | |||
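Review bot: The sentence beginning "Unless a Proxy Error Type specifies otherwise" is carried into -04 unchanged and still reads "the presences of error often, but not always, indicates that response was generated by the proxy". Suggest "the presence of error often, but not always, indicates that the response was generated by the proxy". The updated references in this hunk (Section 2.3 for the error types, Section 2.4 for defining new ones) match the renumbered table of contents.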
| skipping to change at page 6, line 29 ¶ | skipping to change at page 6, line 29 ¶ | |||
| Proxy-Status: SomeReverseProxy; error=http_request_error | Proxy-Status: SomeReverseProxy; error=http_request_error | |||
| indicates that this 429 Too Many Requests response was generated by | indicates that this 429 Too Many Requests response was generated by | |||
| the intermediary, not the origin. | the intermediary, not the origin. | |||
| When sending the error parameter, the most specific Proxy Error Type | When sending the error parameter, the most specific Proxy Error Type | |||
| SHOULD be sent, provided that it accurately represents the error | SHOULD be sent, provided that it accurately represents the error | |||
| condition. If an appropriate Proxy Error Type is not defined, there | condition. If an appropriate Proxy Error Type is not defined, there | |||
| are a number of generic error types (e.g., proxy_internal_error, | are a number of generic error types (e.g., proxy_internal_error, | |||
| http_protocol_error) that can be used. If they are not suitable, | http_protocol_error) that can be used. If they are not suitable, | |||
| consider registering a new Proxy Error Type (see Section 2.5). | consider registering a new Proxy Error Type (see Section 2.4). | |||
| Each Proxy Error Type has a Recommended HTTP Status Code. When | Each Proxy Error Type has a Recommended HTTP Status Code. When | |||
| generating a HTTP response containing "error", its HTTP status code | generating a HTTP response containing "error", its HTTP status code | |||
| SHOULD be set to the Recommended HTTP Status Code. However, there | SHOULD be set to the Recommended HTTP Status Code. However, there | |||
| may be circumstances (e.g., for backwards compatibility with previous | may be circumstances (e.g., for backwards compatibility with previous | |||
| behaviours, a status code has already been sent) when another status | behaviours, a status code has already been sent) when another status | |||
| code might be used. | code might be used. | |||
| Proxy Error Types can also define any number of extra parameters for | Proxy Error Types can also define any number of extra parameters for | |||
| use with that type. Their use, like all parameters, is optional. As | use with that type. Their use, like all parameters, is optional. As | |||
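Review bot: In the Recommended HTTP Status Code paragraph, the parenthetical "(e.g., for backwards compatibility with previous behaviours, a status code has already been sent)" runs two separate circumstances together without a conjunction. Suggest "(e.g., for backwards compatibility with previous behaviours, or because a status code has already been sent)". The same paragraph has "a HTTP response" where "an HTTP response" is the usual form.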
| skipping to change at page 7, line 20 ¶ | skipping to change at page 7, line 20 ¶ | |||
| established. | established. | |||
| The value MUST be either an sf-token or sf-binary. If the protocol | The value MUST be either an sf-token or sf-binary. If the protocol | |||
| identifier is able to be expressed as an sf-token using UTF-8 | identifier is able to be expressed as an sf-token using UTF-8 | |||
| encoding, that form MUST be used. | encoding, that form MUST be used. | |||
| For example: | For example: | |||
| Proxy-Status: "proxy.example.org"; next-protocol=h2 | Proxy-Status: "proxy.example.org"; next-protocol=h2 | |||
| 2.2. received-status | 2.1.4. received-status | |||
| The "received-status" parameter's value indicates the HTTP status | The "received-status" parameter's value indicates the HTTP status | |||
| code that the intermediary received from the next hop server. | code that the intermediary received from the next hop server. | |||
| The value MUST be an sf-integer. | The value MUST be an sf-integer. | |||
| For example: | For example: | |||
| Proxy-Status: ExampleProxy; received-status=200 | Proxy-Status: ExampleProxy; received-status=200 | |||
| 2.2.1. details | 2.1.5. details | |||
| The "details" parameter's value is an sf-string containing additional | The "details" parameter's value is an sf-string containing additional | |||
| information not captured anywhere else. This can include | information not captured anywhere else. This can include | |||
| implementation-specific or deployment-specific information. | implementation-specific or deployment-specific information. | |||
| For example: | For example: | |||
| Proxy-Status: ExampleProxy; error="http_protocol_error"; | Proxy-Status: ExampleProxy; error="http_protocol_error"; | |||
| details="Malformed response header - space before colon" | details="Malformed response header - space before colon" | |||
| 2.3. Defining New Proxy-Status Parameters | 2.2. Defining New Proxy-Status Parameters | |||
| New Proxy-Status Parameters can be defined by registering them in the | New Proxy-Status Parameters can be defined by registering them in the | |||
| HTTP Proxy-Status Parameters registry. | HTTP Proxy-Status Parameters registry. | |||
| Registration requests are reviewed and approved by a Designated | Registration requests are reviewed and approved by a Designated | |||
| Expert, as per [RFC8126], Section 4.5. A specification document is | Expert, as per [RFC8126], Section 4.5. A specification document is | |||
| appreciated, but not required. | appreciated, but not required. | |||
| The Expert(s) should consider the following factors when evaluating | The Expert(s) should consider the following factors when evaluating | |||
| requests: | requests: | |||
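Review bot: The details example still writes error="http_protocol_error" as a quoted string on both sides, while the error parameter is defined as an sf-token and the earlier examples use the bare form (error=connection_timeout, error=http_request_error). Suggest error=http_protocol_error so the example carries the type the text requires; a strict Structured Fields parser would read the quoted form as an sf-string. The move of received-status and details to 2.1.4 and 2.1.5 is consistent with the table of contents.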
| skipping to change at page 8, line 30 ¶ | skipping to change at page 8, line 30 ¶ | |||
| * Name: [a name for the Proxy-Status Parameter that matches key] | * Name: [a name for the Proxy-Status Parameter that matches key] | |||
| * Description: [a description of the parameter semantics and value] | * Description: [a description of the parameter semantics and value] | |||
| * Reference: [to a specification defining this parameter] | * Reference: [to a specification defining this parameter] | |||
| See the registry at https://iana.org/assignments/http-proxy-status | See the registry at https://iana.org/assignments/http-proxy-status | |||
| (https://iana.org/assignments/http-proxy-status) for details on where | (https://iana.org/assignments/http-proxy-status) for details on where | |||
| to send registration requests. | to send registration requests. | |||
| 2.4. Proxy Error Types | 2.3. Proxy Error Types | |||
| This section lists the Proxy Error Types defined by this document. | This section lists the Proxy Error Types defined by this document. | |||
| See Section 2.5 for information about defining new Proxy Error Types. | See Section 2.4 for information about defining new Proxy Error Types. | |||
| 2.4.1. DNS Timeout | 2.3.1. DNS Timeout | |||
| * Name: dns_timeout | * Name: dns_timeout | |||
| * Description: The intermediary encountered a timeout when trying to | * Description: The intermediary encountered a timeout when trying to | |||
| find an IP address for the next hop hostname. | find an IP address for the next hop hostname. | |||
| * Extra Parameters: None. | * Extra Parameters: None. | |||
| * Recommended HTTP status code: 504 | * Recommended HTTP status code: 504 | |||
| 2.4.2. DNS Error | 2.3.2. DNS Error | |||
| * Name: dns_error | * Name: dns_error | |||
| * Description: The intermediary encountered a DNS error when trying | * Description: The intermediary encountered a DNS error when trying | |||
| to find an IP address for the next hop hostname. | to find an IP address for the next hop hostname. | |||
| * Extra Parameters: | * Extra Parameters: | |||
| - rcode: A sf-string conveying the DNS RCODE that indicates the | - rcode: A sf-string conveying the DNS RCODE that indicates the | |||
| error type. See [RFC8499], Section 3. | error type. See [RFC8499], Section 3. | |||
| * Recommended HTTP status code: 502 | * Recommended HTTP status code: 502 | |||
| 2.4.3. Destination Not Found | 2.3.3. Destination Not Found | |||
| * Name: destination_not_found | * Name: destination_not_found | |||
| * Description: The intermediary cannot determine the appropriate | * Description: The intermediary cannot determine the appropriate | |||
| next hop to use for this request; for example, it may not be | next hop to use for this request; for example, it may not be | |||
| configured. Note that this error is specific to gateways, which | configured. Note that this error is specific to gateways, which | |||
| typically require specific configuration to identify the "backend" | typically require specific configuration to identify the "backend" | |||
| server; forward proxies use in-band information to identify the | server; forward proxies use in-band information to identify the | |||
| origin server. | origin server. | |||
| * Extra Parameters: None. | * Extra Parameters: None. | |||
| * Recommended HTTP status code: 500 | * Recommended HTTP status code: 500 | |||
| 2.4.4. Destination Unavailable | 2.3.4. Destination Unavailable | |||
| * Name: destination_unavailable | * Name: destination_unavailable | |||
| * Description: The intermediary considers the next hop to be | * Description: The intermediary considers the next hop to be | |||
| unavailable; e.g., recent attempts to communicate with it may have | unavailable; e.g., recent attempts to communicate with it may have | |||
| failed, or a health check may indicate that it is down. | failed, or a health check may indicate that it is down. | |||
| * Extra Parameters: None. | * Extra Parameters: None. | |||
| * Recommended HTTP status code: 503 | * Recommended HTTP status code: 503 | |||
| 2.4.5. Destination IP Prohibited | 2.3.5. Destination IP Prohibited | |||
| * Name: destination_ip_prohibited | * Name: destination_ip_prohibited | |||
| * Description: The intermediary is configured to prohibit | * Description: The intermediary is configured to prohibit | |||
| connections to the next hop IP address. | connections to the next hop IP address. | |||
| * Extra Parameters: None. | * Extra Parameters: None. | |||
| * Recommended HTTP status code: 502 | * Recommended HTTP status code: 502 | |||
| 2.4.6. Destination IP Unroutable | 2.3.6. Destination IP Unroutable | |||
| * Name: destination_ip_unroutable | * Name: destination_ip_unroutable | |||
| * Description: The intermediary cannot find a route to the next hop | * Description: The intermediary cannot find a route to the next hop | |||
| IP address. | IP address. | |||
| * Extra Parameters: None. | * Extra Parameters: None. | |||
| * Recommended HTTP status code: 502 | * Recommended HTTP status code: 502 | |||
| 2.4.7. Connection Refused | 2.3.7. Connection Refused | |||
| * Name: connection_refused | * Name: connection_refused | |||
| * Description: The intermediary's connection to the next hop was | * Description: The intermediary's connection to the next hop was | |||
| refused. | refused. | |||
| * Extra Parameters: None. | * Extra Parameters: None. | |||
| * Recommended HTTP status code: 502 | * Recommended HTTP status code: 502 | |||
| 2.4.8. Connection Terminated | 2.3.8. Connection Terminated | |||
| * Name: connection_terminated | * Name: connection_terminated | |||
| * Description: The intermediary's connection to the next hop was | * Description: The intermediary's connection to the next hop was | |||
| closed before complete response was received. | closed before complete response was received. | |||
| * Extra Parameters: None. | * Extra Parameters: None. | |||
| * Recommended HTTP status code: 502 | * Recommended HTTP status code: 502 | |||
| * Notes: Responses with this error type might not have been | * Notes: Responses with this error type might not have been | |||
| generated by the intermediary. | generated by the intermediary. | |||
| 2.4.9. Connection Timeout | 2.3.9. Connection Timeout | |||
| * Name: connection_timeout | * Name: connection_timeout | |||
| * Description: The intermediary's attempt to open a connection to | * Description: The intermediary's attempt to open a connection to | |||
| the next hop timed out. | the next hop timed out. | |||
| * Extra Parameters: None. | * Extra Parameters: None. | |||
| * Recommended HTTP status code: 504 | * Recommended HTTP status code: 504 | |||
| 2.4.10. Connection Read Timeout | 2.3.10. Connection Read Timeout | |||
| * Name: connection_read_timeout | * Name: connection_read_timeout | |||
| * Description: The intermediary was expecting data on a connection | * Description: The intermediary was expecting data on a connection | |||
| (e.g., part of a response), but did not receive any new data in a | (e.g., part of a response), but did not receive any new data in a | |||
| configured time limit. | configured time limit. | |||
| * Extra Parameters: None. | * Extra Parameters: None. | |||
| * Recommended HTTP status code: 504 | * Recommended HTTP status code: 504 | |||
| * Notes: Responses with this error type might not have been | * Notes: Responses with this error type might not have been | |||
| generated by the intermediary. | generated by the intermediary. | |||
| 2.4.11. Connection Write Timeout | 2.3.11. Connection Write Timeout | |||
| * Name: connection_write_timeout | * Name: connection_write_timeout | |||
| * Description: The intermediary was attempting to write data to a | * Description: The intermediary was attempting to write data to a | |||
| connection, but was not able to (e.g., because its buffers were | connection, but was not able to (e.g., because its buffers were | |||
| full). | full). | |||
| * Extra Parameters: None. | * Extra Parameters: None. | |||
| * Recommended HTTP status code: 504 | * Recommended HTTP status code: 504 | |||
| * Notes: Responses with this error type might not have been | * Notes: Responses with this error type might not have been | |||
| generated by the intermediary. | generated by the intermediary. | |||
| 2.4.12. Connection Limit Reached | 2.3.12. Connection Limit Reached | |||
| * Name: connection_limit_reached | * Name: connection_limit_reached | |||
| * Description: The intermediary is configured to limit the number of | * Description: The intermediary is configured to limit the number of | |||
| connections it has to the next hop, and that limit has been | connections it has to the next hop, and that limit has been | |||
| passed. | passed. | |||
| * Extra Parameters: None. | * Extra Parameters: None. | |||
| * Recommended HTTP status code: 503 | * Recommended HTTP status code: 503 | |||
| 2.4.13. TLS Protocol Error | 2.3.13. TLS Protocol Error | |||
| * Name: tls_protocol_error | * Name: tls_protocol_error | |||
| * Description: The intermediary encountered a TLS error when | * Description: The intermediary encountered a TLS error when | |||
| communicating with the next hop, either during handshake or | communicating with the next hop, either during handshake or | |||
| afterwards. | afterwards. | |||
| * Extra Parameters: None. | * Extra Parameters: None. | |||
| * Recommended HTTP status code: 502 | * Recommended HTTP status code: 502 | |||
| * Notes: Responses with this error type might not have been | * Notes: Responses with this error type might not have been | |||
| generated by the intermediary. | generated by the intermediary. | |||
| Note that additional information about the error can be recorded in | Note that additional information about the error can be recorded in | |||
| the details parameter (as is the case for all errors). | the details parameter (as is the case for all errors). | |||
| 2.4.14. TLS Certificate Error | 2.3.14. TLS Certificate Error | |||
| * Name: tls_certificate_error | * Name: tls_certificate_error | |||
| * Description: The intermediary encountered an error when verifying | * Description: The intermediary encountered an error when verifying | |||
| the certificate presented by the next hop. | the certificate presented by the next hop. | |||
| * Extra Parameters: None. | * Extra Parameters: None. | |||
| * Recommended HTTP status code: 502 | * Recommended HTTP status code: 502 | |||
| Note that additional information about the error can be recorded in | Note that additional information about the error can be recorded in | |||
| the details parameter (as is the case for all errors). | the details parameter (as is the case for all errors). | |||
| 2.4.15. TLS Alert Received | 2.3.15. TLS Alert Received | |||
| * Name: tls_alert_received | * Name: tls_alert_received | |||
| * Description: The intermediary received a TLS alert from the next | * Description: The intermediary received a TLS alert from the next | |||
| hop. | hop. | |||
| * Extra Parameters: | * Extra Parameters: | |||
| - alert-message: an sf-token containing the applicable | - alert-message: an sf-token containing the applicable | |||
| description string from the TLS Alerts registry. | description string from the TLS Alerts registry. | |||
| * Recommended HTTP status code: 502 | * Recommended HTTP status code: 502 | |||
| * Notes: Responses with this error type might not have been | * Notes: Responses with this error type might not have been | |||
| generated by the intermediary. | generated by the intermediary. | |||
| 2.4.16. HTTP Request Error | 2.3.16. HTTP Request Error | |||
| * Name: http_request_error | * Name: http_request_error | |||
| * Description: The intermediary is generating a client (4xx) | * Description: The intermediary is generating a client (4xx) | |||
| response on the origin's behalf. Applicable status codes include | response on the origin's behalf. Applicable status codes include | |||
| (but are not limited to) 400, 403, 405, 406, 408, 411, 413, 414, | (but are not limited to) 400, 403, 405, 406, 408, 411, 413, 414, | |||
| 415, 416, 417, 429. | 415, 416, 417, 429. | |||
| * Extra Parameters: | * Extra Parameters: | |||
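Review bot: The sentence "Note that additional information about the error can be recorded in the details parameter (as is the case for all errors)" appears only under 2.3.13 and 2.3.14, although it says it applies to every error type. Suggest stating it once in the 2.3 introduction and dropping the two copies. Two smaller points in this hunk: connection_terminated reads "closed before complete response was received" (missing "a"), and connection_limit_reached is titled "Reached" but described as "that limit has been passed", so the text should pick one condition.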
| skipping to change at page 13, line 27 ¶ | skipping to change at page 13, line 27 ¶ | |||
| code. | code. | |||
| - status-phrase: an sf-string containing the generated status | - status-phrase: an sf-string containing the generated status | |||
| phrase. | phrase. | |||
| * Recommended HTTP status code: The applicable 4xx status code | * Recommended HTTP status code: The applicable 4xx status code | |||
| * Notes: This type helps distinguish between responses generated by | * Notes: This type helps distinguish between responses generated by | |||
| intermediaries from those generated by the origin. | intermediaries from those generated by the origin. | |||
| 2.4.17. HTTP Request Denied | 2.3.17. HTTP Request Denied | |||
| * Name: http_request_denied | * Name: http_request_denied | |||
| * Description: The intermediary rejected the HTTP request based on | * Description: The intermediary rejected the HTTP request based on | |||
| its configuration and/or policy settings. The request wasn't | its configuration and/or policy settings. The request wasn't | |||
| forwarded to the next hop. | forwarded to the next hop. | |||
| * Extra Parameters: None. | * Extra Parameters: None. | |||
| * Recommended HTTP status code: 403 | * Recommended HTTP status code: 403 | |||
| 2.4.18. HTTP Incomplete Response | 2.3.18. HTTP Incomplete Response | |||
| * Name: http_response_incomplete | * Name: http_response_incomplete | |||
| * Description: The intermediary received an incomplete response to | * Description: The intermediary received an incomplete response to | |||
| the request from the next hop. | the request from the next hop. | |||
| * Extra Parameters: None. | * Extra Parameters: None. | |||
| * Recommended HTTP status code: 502 | * Recommended HTTP status code: 502 | |||
| * Notes: Responses with this error type might not have been | * Notes: Responses with this error type might not have been | |||
| generated by the intermediary. | generated by the intermediary. | |||
| 2.4.19. HTTP Response Header Section Too Large | 2.3.19. HTTP Response Header Section Too Large | |||
| * Name: http_response_header_section_size | * Name: http_response_header_section_size | |||
| * Description: The intermediary received a response to the request | * Description: The intermediary received a response to the request | |||
| whose header section was considered too large. | whose header section was considered too large. | |||
| * Extra Parameters: | * Extra Parameters: | |||
| - header-section-size: an sf-integer indicating how large the | - header-section-size: an sf-integer indicating how large the | |||
| headers received were. Note that they might not be complete; | headers received were. Note that they might not be complete; | |||
| i.e., the intermediary may have discarded or refused additional | i.e., the intermediary may have discarded or refused additional | |||
| data. | data. | |||
| * Recommended HTTP status code: 502 | * Recommended HTTP status code: 502 | |||
| * Notes: Responses with this error type might not have been | * Notes: Responses with this error type might not have been | |||
| generated by the intermediary. | generated by the intermediary. | |||
| 2.4.20. HTTP Response Header Too Large | 2.3.20. HTTP Response Header Too Large | |||
| * Name: http_response_header_size | * Name: http_response_header_size | |||
| * Description: The intermediary received a response to the request | * Description: The intermediary received a response to the request | |||
| containing an individual header line that was considered too | containing an individual header line that was considered too | |||
| large. | large. | |||
| * Extra Parameters: | * Extra Parameters: | |||
| - header-name: an sf-string indicating the name of the header | - header-name: an sf-string indicating the name of the header | |||
| that triggered the error. | that triggered the error. | |||
| - header-size: an sf-integer indicating the size of the header | - header-size: an sf-integer indicating the size of the header | |||
| that triggered the error. | that triggered the error. | |||
| * Recommended HTTP status code: 502 | * Recommended HTTP status code: 502 | |||
| * Notes: Responses with this error type might not have been | * Notes: Responses with this error type might not have been | |||
| generated by the intermediary. | generated by the intermediary. | |||
| 2.4.21. HTTP Response Body Too Large | 2.3.21. HTTP Response Body Too Large | |||
| * Name: http_response_body_size | * Name: http_response_body_size | |||
| * Description: The intermediary received a response to the request | * Description: The intermediary received a response to the request | |||
| whose body was considered too large. | whose body was considered too large. | |||
| * Extra Parameters: | * Extra Parameters: | |||
| - body-size: an sf-integer indicating how large the body received | - body-size: an sf-integer indicating how large the body received | |||
| was. Note that it may not have been complete; i.e., the | was. Note that it may not have been complete; i.e., the | |||
| intermediary may have discarded or refused additional data. | intermediary may have discarded or refused additional data. | |||
| * Recommended HTTP status code: 502 | * Recommended HTTP status code: 502 | |||
| * Notes: Responses with this error type might not have been | * Notes: Responses with this error type might not have been | |||
| generated by the intermediary. | generated by the intermediary. | |||
| 2.4.22. HTTP Response Trailer Section Too Large | 2.3.22. HTTP Response Trailer Section Too Large | |||
| * Name: http_response_trailer_section_size | * Name: http_response_trailer_section_size | |||
| * Description: The intermediary received a response to the request | * Description: The intermediary received a response to the request | |||
| whose trailer section was considered too large. | whose trailer section was considered too large. | |||
| * Extra Parameters: | * Extra Parameters: | |||
| - trailer-section-size: an sf-integer indicating how large the | - trailer-section-size: an sf-integer indicating how large the | |||
| trailers received were. Note that they might not be complete; | trailers received were. Note that they might not be complete; | |||
| i.e., the intermediary may have discarded or refused additional | i.e., the intermediary may have discarded or refused additional | |||
| data. | data. | |||
| * Recommended HTTP status code: 502 | * Recommended HTTP status code: 502 | |||
| * Notes: Responses with this error type might not have been | * Notes: Responses with this error type might not have been | |||
| generated by the intermediary. | generated by the intermediary. | |||
| 2.4.23. HTTP Response Trailer Too Large | 2.3.23. HTTP Response Trailer Too Large | |||
| * Name: http_response_trailer_size | * Name: http_response_trailer_size | |||
| * Description: The intermediary received a response to the request | * Description: The intermediary received a response to the request | |||
| containing an individual trailer line that was considered too | containing an individual trailer line that was considered too | |||
| large. | large. | |||
| * Extra Parameters: | * Extra Parameters: | |||
| - trailer-name: an sf-string indicating the name of the trailer | - trailer-name: an sf-string indicating the name of the trailer | |||
| that triggered the error. | that triggered the error. | |||
| - trailer-size: an sf-integer indicating the size of the trailer | - trailer-size: an sf-integer indicating the size of the trailer | |||
| that triggered the error. | that triggered the error. | |||
| * Recommended HTTP status code: 502 | * Recommended HTTP status code: 502 | |||
| * Notes: Responses with this error type might not have been | * Notes: Responses with this error type might not have been | |||
| generated by the intermediary. | generated by the intermediary. | |||
| 2.4.24. HTTP Response Transfer-Coding Error | 2.3.24. HTTP Response Transfer-Coding Error | |||
| * Name: http_response_transfer_coding | * Name: http_response_transfer_coding | |||
| * Description: The intermediary encountered an error decoding the | * Description: The intermediary encountered an error decoding the | |||
| transfer-coding of the response. | transfer-coding of the response. | |||
| * Extra Parameters: | * Extra Parameters: | |||
| - coding: an sf-token containing the specific coding that caused | - coding: an sf-token containing the specific coding that caused | |||
| the error. | the error. | |||
| * Recommended HTTP status code: 502 | * Recommended HTTP status code: 502 | |||
| * Notes: Responses with this error type might not have been | * Notes: Responses with this error type might not have been | |||
| generated by the intermediary. | generated by the intermediary. | |||
| 2.4.25. HTTP Response Content-Coding Error | 2.3.25. HTTP Response Content-Coding Error | |||
| * Name: http_response_content_coding | * Name: http_response_content_coding | |||
| * Description: The intermediary encountered an error decoding the | * Description: The intermediary encountered an error decoding the | |||
| content-coding of the response. | content-coding of the response. | |||
| * Extra Parameters: | * Extra Parameters: | |||
| - coding: an sf-token containing the specific coding that caused | - coding: an sf-token containing the specific coding that caused | |||
| the error. | the error. | |||
| * Recommended HTTP status code: 502 | * Recommended HTTP status code: 502 | |||
| * Notes: Responses with this error type might not have been | * Notes: Responses with this error type might not have been | |||
| generated by the intermediary. | generated by the intermediary. | |||
| 2.4.26. HTTP Response Timeout | 2.3.26. HTTP Response Timeout | |||
| * Name: http_response_timeout | * Name: http_response_timeout | |||
| * Description: The intermediary reached a configured time limit | * Description: The intermediary reached a configured time limit | |||
| waiting for the complete response. | waiting for the complete response. | |||
| * Extra Parameters: None. | * Extra Parameters: None. | |||
| * Recommended HTTP status code: 504 | * Recommended HTTP status code: 504 | |||
| * Notes: Responses with this error type might not have been | * Notes: Responses with this error type might not have been | |||
| generated by the intermediary. | generated by the intermediary. | |||
| 2.4.27. HTTP Upgrade Failed | 2.3.27. HTTP Upgrade Failed | |||
| * Name: http_upgrade_failed | * Name: http_upgrade_failed | |||
| * Description: The HTTP Upgrade between the intermediary and the | * Description: The HTTP Upgrade between the intermediary and the | |||
| next hop failed. | next hop failed. | |||
| * Extra Parameters: None. | * Extra Parameters: None. | |||
| * Recommended HTTP status code: 502 | * Recommended HTTP status code: 502 | |||
| 2.4.28. HTTP Protocol Error | 2.3.28. HTTP Protocol Error | |||
| * Name: http_protocol_error | * Name: http_protocol_error | |||
| * Description: The intermediary encountered a HTTP protocol error | * Description: The intermediary encountered a HTTP protocol error | |||
| when communicating with the next hop. This error should only be | when communicating with the next hop. This error should only be | |||
| used when a more specific one is not defined. | used when a more specific one is not defined. | |||
| * Extra Parameters: None. | * Extra Parameters: None. | |||
| * Recommended HTTP status code: 502 | * Recommended HTTP status code: 502 | |||
| * Notes: Responses with this error type might not have been | * Notes: Responses with this error type might not have been | |||
| generated by the intermediary. | generated by the intermediary. | |||
| Note that additional information about the error can be recorded in | Note that additional information about the error can be recorded in | |||
| the details parameter (as is the case for all errors). | the details parameter (as is the case for all errors). | |||
| 2.4.29. Proxy Internal Response | 2.3.29. Proxy Internal Response | |||
| * Name: proxy_internal_response | * Name: proxy_internal_response | |||
| * Description: The intermediary generated the response locally, | * Description: The intermediary generated the response locally, | |||
| without attempting to connect to the next hop (e.g. in response to | without attempting to connect to the next hop (e.g. in response to | |||
| a request to a debug endpoint terminated at the intermediary). | a request to a debug endpoint terminated at the intermediary). | |||
| * Extra Parameters: None. | * Extra Parameters: None. | |||
| * Recommended HTTP status code: | * Recommended HTTP status code: | |||
| 2.4.30. Proxy Internal Error | 2.3.30. Proxy Internal Error | |||
| * Name: proxy_internal_error | * Name: proxy_internal_error | |||
| * Description: The intermediary encountered an internal error | * Description: The intermediary encountered an internal error | |||
| unrelated to the origin. | unrelated to the origin. | |||
| * Extra Parameters: None | * Extra Parameters: None | |||
| * Recommended HTTP status code: 500 | * Recommended HTTP status code: 500 | |||
| Note that additional information about the error can be recorded in | Note that additional information about the error can be recorded in | |||
| the details parameter (as is the case for all errors). | the details parameter (as is the case for all errors). | |||
| 2.4.31. Proxy Configuration Error | 2.3.31. Proxy Configuration Error | |||
| * Name: proxy_configuration_error | * Name: proxy_configuration_error | |||
| * Description: The intermediary encountered an error regarding its | * Description: The intermediary encountered an error regarding its | |||
| configuration. | configuration. | |||
| * Extra Parameters: None | * Extra Parameters: None | |||
| * Recommended HTTP status code: 500 | * Recommended HTTP status code: 500 | |||
| Note that additional information about the error can be recorded in | Note that additional information about the error can be recorded in | |||
| the details parameter (as is the case for all errors). | the details parameter (as is the case for all errors). | |||
| 2.4.32. Proxy Loop Detected | 2.3.32. Proxy Loop Detected | |||
| * Name: proxy_loop_detected | * Name: proxy_loop_detected | |||
| * Description: The intermediary tried to forward the request to | * Description: The intermediary tried to forward the request to | |||
| itself, or a loop has been detected using different means (e.g. | itself, or a loop has been detected using different means (e.g. | |||
| [RFC8586]). | [RFC8586]). | |||
| * Extra Parameters: None. | * Extra Parameters: None. | |||
| * Recommended HTTP status code: 502 | * Recommended HTTP status code: 502 | |||
| 2.5. Defining New Proxy Error Types | 2.4. Defining New Proxy Error Types | |||
| New Proxy Error Types can be defined by registering them in the HTTP | New Proxy Error Types can be defined by registering them in the HTTP | |||
| Proxy Error Types registry. | Proxy Error Types registry. | |||
| Registration requests are reviewed and approved by a Designated | Registration requests are reviewed and approved by a Designated | |||
| Expert, as per [RFC8126], Section 4.5. A specification document is | Expert, as per [RFC8126], Section 4.5. A specification document is | |||
| appreciated, but not required. | appreciated, but not required. | |||
| The Expert(s) should consider the following factors when evaluating | The Expert(s) should consider the following factors when evaluating | |||
| requests: | requests: | |||
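Review bot: The "Recommended HTTP status code:" bullet under Proxy Internal Response (proxy_internal_response) is empty in both columns, so the renumbering to 2.3.29 carries forward an entry with no value; either state the intended guidance or say explicitly that no particular status code is recommended, so that readers of the registry entry do not have to guess. Two smaller points in the same hunk: "Extra Parameters: None" under proxy_internal_error and proxy_configuration_error lacks the full stop that the other entries use, and "a HTTP protocol error" under http_protocol_error should read "an HTTP protocol error".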
| skipping to change at page 19, line 43 ¶ | skipping to change at page 19, line 43 ¶ | |||
| See the registry at https://iana.org/assignments/http-proxy-status | See the registry at https://iana.org/assignments/http-proxy-status | |||
| (https://iana.org/assignments/http-proxy-status) for details on where | (https://iana.org/assignments/http-proxy-status) for details on where | |||
| to send registration requests. | to send registration requests. | |||
| 3. IANA Considerations | 3. IANA Considerations | |||
| Upon publication, please create the HTTP Proxy-Status Parameters | Upon publication, please create the HTTP Proxy-Status Parameters | |||
| registry and the HTTP Proxy Error Types registry at | registry and the HTTP Proxy Error Types registry at | |||
| https://iana.org/assignments/http-proxy-statuses | https://iana.org/assignments/http-proxy-statuses | |||
| (https://iana.org/assignments/http-proxy-statuses) and populate them | (https://iana.org/assignments/http-proxy-statuses) and populate them | |||
| with the types defined in Section 2.1 and Section 2.4 respectively; | with the types defined in Section 2.1 and Section 2.3 respectively; | |||
| see Section 2.3 and Section 2.5 for its associated procedures. | see Section 2.2 and Section 2.4 for its associated procedures. | |||
| 4. Security Considerations | 4. Security Considerations | |||
| One of the primary security concerns when using Proxy-Status is | One of the primary security concerns when using Proxy-Status is | |||
| leaking information that might aid an attacker. For example, | leaking information that might aid an attacker. For example, | |||
| information about the intermediary's configuration and back-end | information about the intermediary's configuration and back-end | |||
| topology can be exposed. | topology can be exposed. | |||
| As a result, care needs to be taken when deciding to generate a | As a result, care needs to be taken when deciding to generate a | |||
| Proxy-Status field. Note that intermediaries are not required to | Proxy-Status field. Note that intermediaries are not required to | |||
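Review bot: The registry URL in the IANA Considerations text is https://iana.org/assignments/http-proxy-statuses, while the sentence just above the "3. IANA Considerations" heading points to https://iana.org/assignments/http-proxy-status; both columns carry the mismatch, and one of the two needs correcting so that the registration instructions and the registry creation request name the same location. The updated reference to Section 2.4 agrees with the renumbered "Defining New Proxy Error Types" heading, but "for its associated procedures" refers to two registries and should read "for their associated procedures".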
| End of changes. 44 change blocks. | ||||
| 82 lines changed or deleted | 82 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||